Security

Jeff (CC'd) had security.fileuri.strict_origin_policy set to false (it seems there is some internet advice around this) and at startup got errors related to quotamanager not liking file+++UNIVERSAL_FILE_URI_ORIGIN.
Is this a quotamanager issue or a CAPS issue?

security.fileuri.strict_origin_policy set to false means your entire disk is the same origin, as it was originally. This was an escape valve added when we tightened the policy to "same and sub directories" in case we broke some people's workflows, but it's not a safe setting. If you open a local file with malicious scripts it can now read any sensitive data on your drive.
[In comparison, Chrome and Safari one-upped us and made every file: URI a unique origin, which solves some additional security risks our version still has.]
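
The three file: origin models described in the comment above, compared in a simplified model. This is an added example, not part of the bug thread and not Firefox code; the policy labels (`universal`, `directory`, `unique`) and the sample paths are constructed for illustration.

```javascript
// Simplified model of three file: origin policies. Added example, not Firefox code.
// The policy labels and sample paths are constructed for illustration.
const DOC = 'file:///home/user/Downloads/page.html';
const TARGETS = [
  'file:///home/user/Downloads/assets/data.json',
  'file:///home/user/Downloads/../.ssh/id_rsa',
  'file:///home/user/Downloads-old/notes.txt',
];

// Parse a file: URI; the URL parser resolves "." and ".." segments for us.
function parseFile(uri) {
  const u = new URL(uri);
  if (u.protocol !== 'file:') throw new TypeError('not a file: URI: ' + uri);
  const path = u.pathname;
  // Keep the trailing slash so "/Downloads/" never prefix-matches "/Downloads-old/".
  return { path, dir: path.slice(0, path.lastIndexOf('/') + 1) };
}

function canRead(policy, docUri, targetUri) {
  const doc = parseFile(docUri);
  const target = parseFile(targetUri);
  switch (policy) {
    case 'universal': // strict_origin_policy = false: whole disk is one origin
      return true;
    case 'directory': // "same and sub directories" of the loading document
      return target.path.startsWith(doc.dir);
    case 'unique':    // every file: URI is its own origin
      return target.path === doc.path;
    default:
      throw new RangeError('unknown policy: ' + policy);
  }
}

function accessMatrix(docUri, targets) {
  return targets.map((t) => ({
    target: parseFile(t).path,
    universal: canRead('universal', docUri, t),
    directory: canRead('directory', docUri, t),
    unique: canRead('unique', docUri, t),
  }));
}

console.table(accessMatrix(DOC, TARGETS));
```

Only the `universal` column allows the read of the path outside the document's directory, which is the exposure the comment warns about when the pref is set to false.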